It’s called TrickBot for a reason. The financial malware means big trouble for businesses the world over by using deceptive tactics that steal financial data. From individuals to financial institutions, TrickBot is tearing-up the Internet with its tricky tactics aimed at getting your personal financial data or that of the place you work. Either way, TrickBot is improving over time, becoming the top threat to business on a global scale.

The latest “improvement” to TrickBot uses spam email appearing to be from Deloitte, a financial services company. Just in time for tax season, these emails are about a tax-incentive, a subject most Americans would be interested to know about. The email has a Microsoft Excel spreadsheet attached that allegedly has more information about the bogus tax incentive. One curious click on the attachment and game over–TrickBot malware takes over from there by infecting the device with malware. Another new TrickBot addition steals e-currency, the alternative to traditional currency, from Bitcoin Wallets.

Since its inception in 2016, TrickBot targets customers of major banking institutions worldwide, as well as past attacks in the U.S. to include Amazon, AMEX, and PayPal. TrickBot uses phishing campaigns designed to trick users into entering their financial data, including passwords, into bogus banking websites designed to look legitimate. It works on popular browsers like Google Chrome, Internet Explorer, Mozilla Firefox, and Microsoft Edge. Hijacking all that data puts victims at risk of fraud and theft of much more than just banking information.

Always be on the lookout for phishing email and don’t take that curious click unless you are 100% certain it’s taking you to a safe website or attachment. Since many spreadsheet attachments that are laced with ransomware use macros, be sure to disable macros by default in all of your programs. If you didn’t create the macro or don’t know who did, don’t enable them for any reason! Remember to look for the telltale signs of phishing such as incorrect use of the language, typos, and generic greetings such as “To users” or greetings that use your entire name or greet you by your email address.

Stealing sensitive data also puts TrickBot in a prime position for ransomware, threatening to lock a device and its data until a ransom is paid. Looking at its past, TrickBot isn’t going anywhere soon. Beware of emails that sound too good to pass up, especially those with attachments. TrickBot is ready to pounce, and hacking history shows we may be dealing with improvements for years to come. According to Trend Micro, “While this new variant is not groundbreaking in terms of what it can do, it proves that the groups or individuals behind TrickBot are not resting on their laurels and continuously improve it, making an already-dangerous malware even more effective.”

As cybersecurity researchers are reporting, identity theft scams are improving over time. There’s a resurgence of different types of hacking schemes from several years ago that fell off the radar while newer scams took their places. The reality is, many tricks of the trade were being improved in the background, only to come back with even more sophisticated tactics.

TrickBot is one type of malware that continues to go through many versions since its arrival in 2016. Each tweak over two years included improvements, and a change of focus from other countries to the U.S. in 2017. For TrickBot and its newest version, it’s not just about hijacking banking credentials anymore. And it’s more difficult to detect and defend against than ever.

TrickBot is a financial trojan targeting customers of major banking institutions, as well as past attacks in the U.S. to include Amazon, AMEX, and PayPal. TrickBot uses phishing campaigns designed to trick users into entering their financial data, including passwords, into bogus banking websites designed to look legitimate. The latest spin on the malware uses a fake Excel document alerting users that a file uses an earlier version of Excel, needing an update to view it. Once the user takes the bait, Trojan malware is installed on the device and steals not only usernames and passwords from system applications, but it takes all sorts of browser information like history, cookies, and autofill information. It works on popular browsers like Google Chrome, Internet Explorer, Mozilla Firefox, and Microsoft Edge. Hijacking all that data puts victims at risk of fraud and theft of much more than just banking information. Having that sensitive data also puts TrickBot in a prime position for ransomware, with the threat of locking a device until a ransom is paid.

TrickBot email phishing spoofs legitimate banking websites, offering a juicy bit of information in the subject line such as “Your Payment is Attached.” Many curious and hopeful recipients can’t resist opening the email and clicking on an attachment or a link. Once that happens, the TrickBot Trojan infects, installs and embeds malware on the device. A seemingly innocent email is responsible for stealing banking credentials to start, but then takes so much more.

The lesson is not to assume that everything in your inbox is legitimate, no matter how high spam filters are set. Hackers use an email phishing trojan like TrickBot because it works. Improvements over time are refined not only by the level of damage they cause, but also by creating an improved message that more users respond to. Keeping aware of email phishing means avoiding subjects that aggressively prey on any type of emotion, threaten, or make you believe something is urgent. Those should be deleted immediately. Extreme caution is necessary, and always avoid following embedded links and opening any attachments. If you cannot be 100% sure that link is good to go, verify it independently of any email with the sender. Remember not to enable macros unless you either created them or are certain they are safe. Macro malware is becoming more common these days. If you haven’t checked, make sure your macros are disabled by default.

To succeed, TrickBot is counting on users not having secure email cyber-sense. Don’t be one of them!

Despite warnings, citizens are still falling for bogus tax refund scams. The most recent discovery was in the involved hackers posing as government tax office officials. Filers were sent phishing emails promising refunds, roughly in the amount of $710.00 U.S., that would be deposited directly to one’s credit card. That’s a tempting chunk of change for most, and an offer many find too difficult to pass up. Refund scams, especially those emails claiming to be from an “official” entity have been wildly popular among hackers for one simple reason – they work. Although this phishing scam was discovered in the UK, it continues to happen in the U.S. Our own hacking history shows phishing emails claiming to be from the IRS have supplied significant hacker bait. There’s no shortage of warnings on the IRS website about tax-related phishing scams, especially those using email and telephone.

Although it was clearly amateur hour for the UK hackers – the email subject lines were formatted poorly, and the sender’s address had nothing to do with the government – it shows just how easily human nature is tempted. After all, nobody’s perfect, and who wouldn’t want a tax refund they didn’t expect? The hackers’ first tactic was placing a sense of urgency to the refunds, saying they would expire on the same day the phishing email was received. Those who took the bait were redirected to fake web pages. The first looked like a Microsoft Outlook page, requiring log in credentials, including passwords. Once that was stolen, a new page popped up with only boxes to provide some very sensitive information – full credit card details including the security code, date of birth, mother’s maiden name, and more. Quite simply, everything necessary to steal your credentials and money.

It may be difficult to believe someone would fall for such a poorly constructed scam, but the list of email phishing victims continues to grow. In the U.S. as well as the UK, vigilance toward these scams is always needed, and there are some basics to remember should you receive an email promising something too good to be true.

First and foremost, if an offer sounds too good to be true, assume it is. Hackers preying on emotions have no shortage of success. Remember, as far as taxes are concerned in the U.S., the IRS never initiates contact by email or phone. The US mail is the only way you will know the sender is legitimate. As this UK tax scam proved, paying attention to detail is crucial. Always look for poorly written content as well as typos, and always check the sender’s URL address. If others paid attention to these details in the UK, it may have prevented a lot of heartache. It’s certainly no different in the US, where email phishing and tax scams continue to have enormous success despite continued warnings by the IRS. Being vigilant against email phishing is the best route to staying secure, no matter whom the email claims to be from and what the subject line claims to offer.

Being duped by a phishing email on your personal account can be devastating enough, but when it happens at work, the risk magnifies many times over. Email phishing targets business with one purpose in mind: Trick unsuspecting employees into opening an email and clicking on its attachments. By now it’s no secret those attachments contain malware that steals data, money, and reputations. Hackers know it’s proven time and again to work and it sometimes ends with companies hanging up an “Out of Business” sign. A projection by Trend Micro believes BEC (Business Email Compromise) phishing attacks will reach $9 billion in 2018.

Hackers make it very difficult to tell the genuine from the fake, and some are more clever than others. They know that any employee is a human being first and foremost and subject to fall victim to even the best of intentions. Being both human and an employee, hackers often exploit that vulnerability as the one trait they can count on. Aside from the emotional component, the “everyday” emails necessary for a business are also targeted. According to the Internet Crime Complaint Data Center, malicious attachments having to do with invoices, payments, purchase orders, and receipts are the most common email phishing tactics. Employees tricked into providing any type of account numbers get right to the heart of the matter for hackers–financial data leading to easy theft. Whether you’re at work or at home, hackers are always dreaming up ways to get you to send money or give up sensitive data. Below are just some of the topics that hackers use for phishing attacks.

Urgency. Often impersonating a senior executive, these are emails supposedly coming from the top and require you to take immediate action to pay an invoice, transfer funds, or provide other key details. The assumption hackers make is that an employee getting immediate direction from a senior level executive will do whatever they are asked, quickly and without question. But question it. Don’t go around processes just because it’s someone with more authority than you. Keep in mind what information they request and if that person has no obvious need for it or has never requested anything similar before, call the requestor before taking action. Be 100% sure before you do it.

Impersonation. It’s not beyond hackers to impersonate the IRS with a tax-related email offering a refund, or, that you owe taxes and need to pay up–and quickly. Either way, remember the IRS initiates contact through the US Postal Service ONLY and never through an email. Hackers also impersonate any number of business operations like FedEx, Amazon, Netflix, and other companies. Emails said to be from these and other entities require an immediate action from recipients; something as simple as asking for account details–financial and otherwise–to steal information and resources. Never click a link to verify account information. Go directly into your account using a bookmarked link or a link you know to be safe.

Gee, You’re Great! Don’t be surprised to find you may have a fan. Flattery may get one many places, including access to all kinds of confidential information. As difficult as it may be to imagine, getting showered with compliments in an email can lower your guard to a phishing attack. This example shows the lengths hackers are willing to go with phishing emails. They’ll stop at absolutely nothing to grab your attention and catch you off-guard–that’s how it works! Yes, you are wonderful, but don’t click links or attachments. Instead, call up the sender and tell him or her thanks for the compliment. If you don’t know the sender, ask why they’d be so nice and then assume it’s some type of scam.

TrickBot banking Trojan has been waging malware attacks since 2016. Today it’s clear there is a stronger and more insidious version of this Trojan that’s focusing its efforts on U.S. financial institutions. Originally, TrickBot was a spam-centered Trojan stealing credit card and other financial data. It’s now morphed into a virus that injects malware into banking systems, locking computers and their functions. Considering the scale of a corporate banking network, hundreds of computers can be locked at the same time, affecting critical system functions.

The latest version of TrickBot not only steals login credentials but can also deliver other malicious programs that can lock a home PC or if it gets on a corporate network, lock entire systems. This gives a much bigger financial haul than the measly payment card information of the past. Using extortion tactics like ransomware are lucrative and effective, with hackers knowing ransomware puts victims in a lose-lose situation. If a company doesn’t pay the ransom, their systems are down until restored and hopefully protected from future attacks. Paying-up sends a message that the ransom plan worked, giving cyber thieves no reason to stop further attacks.

Experts believe TrickBot is in a constant state of development. For the moment, it appears that the screen locking is not fully functioning. However, the next version will likely be bigger and meaner – so look out. They also believe the Trojan is morphing into a malware-dropper, picking and choosing what to dump onto a system. It's also targeting systems that are not patched with the security updates.

TrickBot’s success should also be sending a message to businesses about the importance of cyber security. Having a good cyber defense can be the best offense, and it keeps customers and data systems safe. Paying a ransom or not paying is never an easy choice. If nothing else, it should force a company to find out what allowed the attack to begin with. Taking stock of cyber security basics can help prevent making that difficult decision when your back is against the wall.

How to Avoid TrickBot

Keep security patches updated as soon as they’re available, as well as system updates. Consider bolstering security with other software options.

Have a solid backup system. Should ransomware strike, important files can quickly be restored.

If security procedures and backups aren’t used, consider ahead of time what your response to a ransomware attack will be. Quick responses can limit the length and extent of damages. Remember, doing things the right way can prevent attacks overall.

That deadline is looming. You know the one. The tax return filing deadline is just around the corner. This year, it’s Tuesday, April 17 and don’t think for a second that the cybercriminals out there are not very aware of this date. In fact, the IRS is warning taxpayers once again to be on the lookout for tax related telephone and email phishing scams as the dreaded Tuesday nears.

No longer can we count on the scams being easy to spot. In fact, some of the most technically aware people out there have reportedly been victims of such schemes, including Facebook’s Mark Zuckerberg. This is because the criminals are getting better and better at making the messages believable.

Just remember a few things:

The IRS does not initiate contact with taxpayers via email or telephone. They will start with a written letter sent via the U.S. Postal Service.

If there is a claim that you will be arrested, owe a bigger fine, or your accounts will be locked if you don’t click something immediately, it’s likely a scam. The IRS will give you time to appeal a fine or contact them to make payment arrangements before assessing a penalty.

If you do click on a link and then a box pops up asking for more information, don’t enter anything. Often, these will want administrator access and if you enter in your computer’s or device’s password, they will have it and can do all kinds of nefarious things such as install malware that can spy on you to steal login credentials for your banking accounts.

If it’s a recorded call, it’s probably a scam. Don’t call the number they provide. Instead, go to the IRS website and find contact numbers there. This goes for information provided in email. Don’t just reply. Pick up the phone and contact the IRS from a number off its website.

IRS agents will not ask for payment card information via the telephone or in email or on a form that pops up after you click a link or attachment.

Be on the lookout for voicemail and email messages phishing for information for the next few weeks and months as Tax Day passes. Remember if it sounds urgent and threatening, it’s likely a scam. Just don’t click links or attachments. Make sure your anti-virus software is updated and that all your device’s patches are up-to-date as well and you can let that dreaded date pass by without a worry.

We use cookies to give you a more relevant browsing experience and improve our website. Using this site means that you agree with our use of cookies policy.

Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

This Privacy Policy applies to and is provided on behalf of Stickley on Security. (collectively referred to as "We", "Us", or "Our") and describes Our information gathering
practices and policies in connection with this Site. We value your ("User", "You", or "Your") privacy and recognize the sensitivity of Your personal information. We are
committed to protecting Your personal information and using it only as appropriate to provide You with the best possible service, products, and opportunities. Use of this
Site constitutes consent to Our collection and use of personal data as outlined herein.

COLLECTION AND USE OF PERSONAL INFORMATION FROM SITE USERS

We collect personally identifiable information from Users who provide it to us for billing purposes. For example, We collect Your name, street address, city, state, zip
code, telephone number, email address, and financial information, such as a credit card number, if You use the Site to register or renew a license. We may use this
information to contact You regarding the status of Your account and orders placed, and to alert You to new information, products and services, events and other
opportunities. We recognize that You may wish to limit the ways in which You are contacted and provide You with opt-out options below. Information about Our experiences and
transactions with you, such as your payment history, types of services and/or products you purchased are not shared with organizations outside of Stickley on Security.

We will not disclose to third parties (that is, people and companies that are not affiliated with Us) individually identifying information, such as names, postal and e-mail
addresses, telephone numbers, and other personal information, except to the extent that it is necessary to process and provide You with Your order, license request or
other request. Your contact information may also be provided to the extent necessary to comply with applicable laws or legal processes (e.g., subpoenas), or to meet contractual obligations outlined in this policy, or to protect Our
rights or property. We will cooperate with all law enforcement authorities.

If Your order, license request or other request is processed by a third-party, or if You are provided with bulletin boards and chat rooms and/or email capabilities on
this Site, please note that in the event that You voluntarily disclose personally identifiable information in those instances, that information, along with any substantive
information disclosed in Your communication or post, can be collected, correlated and used by third parties. This may result in unsolicited messages from third parties. Such
activities are beyond Our control, and We encourage You to check the applicable privacy policy of such party when providing personally identifiable information.

For each visitor to this Site, Our server can detect and collect certain information, including the User's domain name and e-mail address, and can identify the Web pages the
User visited or accessed. We may use this information in order to measure interest in and use of the various areas of the site.

We do not knowingly solicit information from children and We do not knowingly market the Site or its services to children.

OPT-OUT

You may at any time opt out of having Your personal information used by Us to send You promotional correspondence by contacting Us via e-mail provided in the "Contact Us"
section below.

PROMOTION CODES

"Promotion codes" are offered by third-party affiliates of the Stickley on Security Training Videos. If you choose to include a "Promotion Code" when placing your order, the affiliate who is associated with that promotional code will receive your organizations name. They will NOT however receive any other information related to your account. The sharing of the organization name only applies when a "Promotion Code" is included during the order process.

USE OF COOKIES

1. First-party cookies
User input cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session, or persistent cookies limited to the duration of an operation such as purchase or trial;
User identification persistent cookies, to identify the user visited the website for the first time;
Authentication cookies, to identify the user once he has logged in, for the duration of a session;
user interface customization cookies such as time zone and shopping cart status info, for the duration of a session (or slightly longer).

2. Third-party cookies
social plug in content sharing cookies, for logged in members of a social network;
Google Analytics cookies to generate statistical data on how the visitor uses the website.

How do we use them?
Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.

For functionality. These cookies and similar technologies remember choices you make such as time zone and shopping cart info. We use these cookies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.

For performance and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products, services and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.

Social media cookies. These cookies are used when you share information using a social media sharing button or .like. button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

How can you opt-out?
To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use our Services.

Updates to this Cookie Policy
This Cookie Policy may be updated from time to time. If we make any changes, we will notify you by revising the "effective starting" date at the top of this notice.

INFORMATION SECURITY AND CONFIDENTIALITY

We maintain physical, electronic and procedural safeguards to prevent the unauthorized release of or access to Your personal information. When We transfer and receive
certain types of sensitive information such as financial information, We redirect visitors to a secure server. We do not store or reuse Your credit card information. We do
not record or manager financial information about You (including credit card and other payment information). However, such precautions do not guarantee that this Site is
invulnerable to all security breaks. We make no warranty, guarantee, or representation that the use of this Site is protected from viruses, security threats, or other
vulnerabilities and that Your information will always be secure. We cannot guarantee the confidentiality of any communication or material transmitted to/from Us via the Site
or e-mail. Use of the Internet is solely at Your own risk and is subject to all applicable local, state, federal, and international laws and regulations.

THIRD PARTY PROCESSING

Stickley on Security uses the vendor Authorize.net to process all payment transactions. When making a purchase on this site, You also accept the Terms and Conditions and
Privacy Policy of Authorize.net.

CONTACT US

This Privacy Policy may be updated periodically and posted on this Site. It applies only to Our online practices and does not encompass other areas of the organization. We
reserve the right to change this Policy at any time by posting revisions. By accessing or using the Site, You agree to be bound by all of the Terms of this Privacy Policy as
posted at the time of Your access or use. We reserve the right to contact Users of the Site regarding changes to the Terms and Conditions generally, this Privacy Policy
specifically, or any other policies or agreements relevant to the Site's Users. If You have any questions about this Policy, You may email to:

Keep up with the latest cyber security news through our weekly Fraud News & Alerts updates.
Each week you will receive an email containing the latest cyber security news, tips and breach notifications.

Simply complete the form below and you're all set.

You're all set!

You will receive your first official security update email within the next week.
A welcome email has also just been sent to you. If you do not receive this email within the next few minutes, please check your Junk box or spam filter to confirm our emails are not being blocked.